Be On The Lookout For These COVID-19 Phishing Attacks
Do you know what phishing entails and how best to protect yourself and your organization? Everybody is a potential target, so the only way to be safe is to understand how phishing works and how to identify and avert potential threats.
What Is Phishing?
Phishing, in general, is the practice of using fraudulent emails to steal personal information to commit identity theft. Phishers target large groups of random people with phony mass emails. Most common are emails purporting to be from your bank, the IRS, carriers such as UPS or FedEx, or social media sites like Facebook and LinkedIn.
Cybercriminals predominantly use four techniques to steal personal information or gain access to your company’s network:
- Spear Phishing: A direct attack against a specific organization, such as a bank. It is done to gain unauthorized access to critical information. The attackers use malware-infected or malicious links that can compromise your computers.
Do not get fooled! Legitimate organizations never request highly sensitive information through email, for any reason whatsoever.
- Voice Phishing: Here, an attacker uses a phone call instead of emails, but the scam pattern is the same. Someone pretends to be an official from a legitimate organization and tricks the target into giving confidential information.
Telltale signs to be on the lookout for are things such as poor audio quality, strong regional dialects, and amateur voices. More importantly, valid companies do not use this method to verify your confidential information.
- Smishing: Such attacks make use of the Short Message Service (SMS), commonly known as text messaging. The scam involves a fake text message that directs you to a website that looks harmless but is actually malicious. The site requests private details which can be used to steal your identity. It may also try to install malware on your smartphone or PC.
- Social Engineering: This is a general term for attacks in which cyber attackers use fake identities to coax you into performing unauthorized transactions.
As technology advances, so do phishing techniques. Where the first generation of phishing attacks primarily involved identity theft, present-day attacks can also go after the intellectual property of a corporation. The attacks are more advanced and harder to detect. Some are designed to install malware that can secretly track keystrokes and data entered on web forms.
Coronavirus And Phishing Attacks
When the pandemic began, phishing attackers capitalized on the lack of information and weaponized the communication gap to scam unsuspecting netizens. Even today, when there is overwhelming news coverage of COVID-19, the attackers have advanced their techniques and become even more lethal. What these scams leverage is the urgency with which you seek Coronavirus information and the fact that fear makes people let their guard down.
The most common phishing emails during this period include:
- False alerts from The United States Center For Disease Control (CDC) supposedly intended to warn you about COVID-19 hotspots in your locality. Such emails usually use snappy wording to urge you to click an embedded link immediately. The most recent one was a fake campaign from the CDC about an emerging flu epidemic.
Be safe, check CDC’s advisory on their email subscription service:
- Health advice emails from doctors or hospitals that have had firsthand experience with COVID-19 management. The email directs you to click on a link to access or download safety measures.
- Another common trend is fake emails purportedly from your office, guiding you on how to download new guidelines on Communicable Management Diseases Policies.
- Also notorious are fake stimulus checks. The scammer will send you a phony check quoting an obviously excessive amount and request that you return the extra through direct money transfer, cash, or gift cards.
How Do You Identify And Avoid Potential Phishing Attacks?
- Be on the lookout for sites that ask you to submit private details such as Social Security number or bank account information online.
- Confirm the domain name of the email address or link by hovering the cursor pointer over it. This will show you the site that the link will direct you to. Do not click on a link if you are not 100% sure that it is from a valid source.
- Check for errors in spelling or grammar, and gauge the tone of the message. However careful they try to be, most cyber attackers send emails with grammatical mistakes. The tone is also likely to be urgent and commanding. Emails from legitimate entities have a formal tone and rarely call for immediate action. Some phishing attackers even go to the extreme length of warning you about a potentially massive loss if you don’t click the provided links.
- Also, be on the lookout for generic salutations like “Dear Madam/Sir.”
Tips On Phishing Attacks Prevention
- Train your employees on cybersecurity. Having a team of competent IT experts is not enough. You should educate all your employees on phishing attack prevention and response measures. Since IT evolves and cyber attackers keep on devising new tricks, the training should not be a one-time affair. Facilitate regular cybersecurity awareness sessions and continuously monitor your staff’s readiness levels. Statistics show that strategic cybersecurity training reduces security-related threats by 70%.
- Invest in DNS filtering solutions to automatically block malicious sites.
- Regularly conduct cybersecurity reviews and patching. Updating your systems is also very helpful. When Microsoft Windows confirmed a widespread hack back in 2019, the attacks were partly blamed on users not updating their platforms.
- Invest in high-tech authentication protocols for all your company files. Measures like SSO, encryption for both company-given and personal devices, and password complexity and expiration protocols have proven to be very instrumental.
- Implement Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols to help your users authenticate the integrity of emails sent to them in your organization’s name.
Get Professional Outsourced Cybersecurity Support
Prevention and aversion of phishing attacks are all about the ability to isolate and immobilize threats in time, and that is what an established IT support company brings on board.
Fuelled Networks has been the go-to IT and Cybersecurity solutions company for organizations in Ottawa, Eastern Ontario, Brockville, and Kingston since 1982. We are driven by a systemic customer-oriented culture of providing proactive and hyper-professional IT solutions. We boast almost four decades of diligent cybersecurity solutions in Ottawa and throughout the National Capital Region.
Quality cybersecurity solutions are just a call away. Discover more by calling (613) 828-1280 or contacting our team.
Published On: 7th August 2020 by Ernie Sherman.